It has been said that a wise man will keep his friends close, and his enemies closer. But is that really a good strategy? If you are too insecure to function when you can’t see what your enemies are doing behind your back, invite them into your camp, and offer them a place at your table. Sure, what could possibly go wrong? Yet this seems to be the strategy of tech companies when it comes to fighting hackers. Give them a white hat to replace their black one, and call them friend.
Black Hats, White Hats, and Security Researchers
What’s the difference between a black hat, white hat, and security researcher? Acknowledgment. If you hack a company without ever telling them, you are a black hat. If you hack a company, but tell them about it afterwards, you are a white hat. And if you hack a company on behalf of the company, you are a security researcher. It all depends on whether the company acknowledges and endorses your work.
Even now, Google has a program that pays hackers to find vulnerabilities in their products and services. They call it a Vulnerability Research Grant. If you find black hatting unprofitable, slip on a white hat, gain some recognition, and earn some money for your efforts. Google knows they are going to be hacked anyway. They figure that it is cheaper to pay hackers for their efforts than to have them mucking about and finding other ways to profit from it. The scheme might be genius.
Hiring Hackers
Google is not alone in this strategy. As early as 2011, Apple was hiring high-profile iPhone hackers, notably Nicholas Allegra and Peter Hajas from the jailbreak community. If there is one company that despises the work of hackers, it’s Apple. Yet four years into the iOS platform, they took on a strategy of “If you can’t beat them, hire them.”
Later that same year, the NSA made it known that they were looking for a few good hackers. If our own National Security Agency has decided to bring hackers into the camp, what can we, as individuals, do to protect ourselves?
Hire Your Own White Hat
In one sense, security software is the digital representation of a white hat hacker. These are people who have found security vulnerabilities, and discovered ways to plug them, or block the efforts of those who would seek to use them. In that sense, buying security software is a little like hiring your own white hat hacker. It is a way of fighting fire with fire. Internet security software usually attempts to:
- Block Dangerous Websites
- Guard against Identity Theft
- Protect Kids Online
The Problem with White Hats
Instead of computer hackers, think of home burglars. A black hat is one who breaks in and steals your stuff. A white hat breaks in and leaves a note. It tells you that someone broke in. And you are told that if you do not upgrade your home security to the specifications and in the timeframe set by the burglar, he will reveal your address, and how he broke in, to every thief in the world. The security guard is a white hat you hire to keep everyone else from entering your house.
A hacker is like the person who sneaks around the neighborhood trying all the doors and windows to see which ones he can enter. It doesn’t matter if he steals anything or not. He is not doing you any favors. Hiring hackers feels like capitulating to a mafia-like protection scheme. One way or the other, we are going to have to pay them.
But my objections have already been overruled. Right now, at some universities, you can get a certified ethical hacker degree. You can go from hiring a hacker to becoming one. To paraphrase Batman, perhaps the white hat hacker is the hero we deserve.